mirror of
https://git.mirrors.martin98.com/https://github.com/infiniflow/ragflow.git
synced 2025-08-12 22:08:59 +08:00
859 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Wang Baoling
|
74ebc497c1
|
fix: ERROR: 'CompletionUsage' object has no attribute 'get' (#1736)
### What problem does this PR solve? _Briefly describe what this PR aims to solve. Include background context that will help reviewers understand the purpose of the PR._ ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
161cb08bbd
|
feat: Add bing and google operator #918 (#1745)
### What problem does this PR solve? feat: Add bing and google operator #918 ### Type of change - [x] New Feature (non-breaking change which adds functionality) |
||
|
黄腾
|
ff8702f7de
|
add support for LocalLLM (#1744)
### What problem does this PR solve? add support for LocalLLM ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Co-authored-by: Zhedong Cen <cenzhedong2@126.com> |
||
|
Yuhao Tsui
|
a973b9e01f
|
Fix: Embedding err when docx contains unsupported images (#1720)
### What problem does this PR solve? Fix the problem of not being able to embedding when docx document contains unsupported images. ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) --------- Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com> |
||
|
zhuhao
|
5e19423d82
|
support reset the user email (#1735)
### What problem does this PR solve? support reset the user email from old to new #1723 ### Type of change - [x] New Feature (non-breaking change which adds functionality) |
||
|
黄腾
|
29f7f8b81e
|
fix MiniMax chat bug (#1733)
### What problem does this PR solve? #1717 fix MiniMax chat bug ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) Co-authored-by: Zhedong Cen <cenzhedong2@126.com> |
||
|
H
|
6012f376ca
|
Add component google,Bing (#1737)
### What problem does this PR solve? ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com> |
||
|
balibabu
|
8468031e39
|
fix: Fetch chunk list by @tanstack/react-query #1306 (#1738)
### What problem does this PR solve? fix: Fetch chunk list by @tanstack/react-query #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
H
|
aac460ad29
|
Fix index=true (#1734)
### What problem does this PR solve? ### Type of change - [x] Refactoring --------- Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com> |
||
|
黄腾
|
753c13d76f
|
fix add local vision llm error when cannot download test pic (#1732)
### What problem does this PR solve? #1726 fix add local vision llm error when cannot download test pic ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) Co-authored-by: Zhedong Cen <cenzhedong2@126.com> |
||
|
H
|
0cb588f7bf
|
Fix docx parser line bug (#1715)
### What problem does this PR solve? #1704 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) --------- Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com> |
||
|
Jason Lee
|
ebdd71ce68
|
fix: When parsing the bold content in PDF, the result is duplicated. (#1729)
### What problem does this PR solve? _fix: When parsing the bold content in PDF, the result is duplicated._ the detail: [When using OCR to recognize Chinese titles, the structure appears to be duplicated](https://github.com/infiniflow/ragflow/issues/1718) ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
H
|
013856b604
|
Fix multiple generate (#1722)
### What problem does this PR solve? #1625 ### Type of change - [x] New Feature (non-breaking change which adds functionality) |
||
|
黄腾
|
61096596bc
|
fix OpenAI llm return bug (#1728)
### What problem does this PR solve? fix OpenAI llm return bug ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
549d67e281
|
fix: test chunk by @tanstack/react-query #1306 (#1719)
### What problem does this PR solve? fix: test chunk by @tanstack/react-query #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
H
|
79c873344b
|
Fix docs parser (#1714)
### What problem does this PR solve? #1711 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
Wang
|
548f01850f
|
Add Kibana component for Elasticsearch (#1710)
### What problem does this PR solve? Add Kibana component for Elasticsearch ### Type of change - [ ] Bug Fix (non-breaking change which fixes an issue) - [x] New Feature (non-breaking change which adds functionality) --------- Co-authored-by: Theta Wang (ncu) <chunshan.connect@gmail.com> |
||
|
balibabu
|
3f495b2d22
|
fix: Remove kAModel #1306 (#1713)
### What problem does this PR solve? fix: Remove kAModel #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
H
|
c943517932
|
Fix pdfparser error (#1707)
### What problem does this PR solve? ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
935687998e
|
fix: fetch user by @tanstack/react-query #1306 (#1709)
### What problem does this PR solve? fix: fetch user by @tanstack/react-query #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
375f621405
|
fix: fetch llm list by @tanstack/react-query #1306 (#1708)
### What problem does this PR solve? fix: fetch llm list by @tanstack/react-query #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
a99d19bdea
|
fix: alter Arxiv to ArXiv #918 (#1705)
### What problem does this PR solve? fix: alter Arxiv to ArXiv #918 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
906c0c5c89
|
fix: Set the default value of Self RAG to false #1220 (#1702)
### What problem does this PR solve? fix: Set the default value of Self RAG to false #1220 fix: Change all tool file names to kebab format ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
Kevin Hu
|
c92d334b29
|
fix bug of regx (#1703)
### What problem does this PR solve? #1689 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
Myth
|
d38f995ba6
|
fix: Fix for Empty Reference Array Causing Errors (#1652)
### What problem does this PR solve?
This pull request addresses an issue where the reference is an empty
array ([]) in specific cases, leading to errors in the application. When
the reference is empty, the code attempts to call the get method on a
list, resulting in the following error message:
``` json
{"retcode": 500, "retmsg": "'list' object has no attribute 'get'", "data": {"answer": "**ERROR**: 'list' object has no attribute 'get'", "reference": []}}
```
### Type of change
- [x] Bug Fix (non-breaking change which fixes an issue)
Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com>
|
||
|
江不江
|
bc50f68127
|
fix embedding_model (#1698)
### What problem does this PR solve? fix embedding_model #1692 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) Signed-off-by: seaver <zhudan187@qq.com> |
||
|
H
|
b24abee364
|
Fix pdfparser content confusion (#1700)
### What problem does this PR solve? #1407 #1656 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
6fee2962cb
|
fix: Limit the length of the new password input box to no less than 8 #1634 (#1696)
### What problem does this PR solve? fix: Limit the length of the new password input box to no less than 8 #1634 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
黄腾
|
e67bfca552
|
refactor some llm api using openai api format (#1692)
### What problem does this PR solve? refactor some llm api using openai api format ### Type of change - [x] Refactoring --------- Co-authored-by: Zhedong Cen <cenzhedong2@126.com> |
||
|
balibabu
|
d5f87a5498
|
fix: Set the default language to English #1306 (#1694)
### What problem does this PR solve? fix: Set the default language to English #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
d7426d86d5
|
fix: Fixed an issue where the project could not be built #1306 (#1693)
### What problem does this PR solve? fix: Fixed an issue where the project could not be built #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
balibabu
|
7ca98848ac
|
fix: Login with @tanstack/react-query #1306 (#1691)
### What problem does this PR solve? fix: Login with @tanstack/react-query #1306 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
Kung Quang
|
32d5885b68
|
Fix api reference empty bug (#1655)
### What problem does this PR solve?
fix api reference empty bug
```
for chunk_i in answer['reference'].get('chunks',[]):
^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'list' object has no attribute 'get'
```
```
return np.array([d["relevance_score"] for d in res["results"]]), res["meta"]["tokens"]["input_tokens"]+res["meta"]["tokens"]["output_tokens"]
~~~^^^^^^^^^^^
KeyError: 'results'
```
### Type of change
- [x] Bug Fix (non-breaking change which fixes an issue)
|
||
|
dependabot[bot]
|
f4d182e4ee
|
build(deps-dev): bump ws from 8.17.0 to 8.18.0 in /web (#1668)
Bumps [ws](https://github.com/websockets/ws) from 8.17.0 to 8.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>8.18.0</h2> <h1>Features</h1> <ul> <li>Added support for <code>Blob</code> (<a href="https://redirect.github.com/websockets/ws/issues/2229">#2229</a>).</li> </ul> <h2>8.17.1</h2> <h1>Bug fixes</h1> <ul> <li>Fixed a DoS vulnerability (<a href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>).</li> </ul> <p>A request with a number of headers exceeding the[<code>server.maxHeadersCount</code>][] threshold could be used to crash a ws server.</p> <pre lang="js"><code>const http = require('http'); const WebSocket = require('ws'); <p>const wss = new WebSocket.Server({ port: 0 }, function () { const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split(''); const headers = {}; let count = 0;</p> <p>for (let i = 0; i < chars.length; i++) { if (count === 2000) break;</p> <pre><code>for (let j = 0; j &lt; chars.length; j++) { const key = chars[i] + chars[j]; headers[key] = 'x'; if (++count === 2000) break; } </code></pre> <p>}</p> <p>headers.Connection = 'Upgrade'; headers.Upgrade = 'websocket'; headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ=='; headers['Sec-WebSocket-Version'] = '13';</p> <p>const request = http.request({ headers: headers, host: '127.0.0.1', port: wss.address().port });</p> <p>request.end(); }); </code></pre></p> <p>The vulnerability was reported by <a href="https://github.com/rrlapointe">Ryan LaPointe</a> in <a href="https://redirect.github.com/websockets/ws/issues/2230">websockets/ws#2230</a>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
69b9581417
|
build(deps): bump follow-redirects from 1.15.4 to 1.15.6 in /web (#1678)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1e21056364
|
build(deps-dev): bump axios from 0.27.2 to 1.7.2 in /web (#1679)
Bumps [axios](https://github.com/axios/axios) from 0.27.2 to 1.7.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.7.2</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fetch:</strong> enhance fetch API detection; (<a href="https://redirect.github.com/axios/axios/issues/6413">#6413</a>) (<a href=" |
||
|
Kevin Hu
|
fdfa5d0ad4
|
fix graph bug about second retrieval (#1688)
### What problem does this PR solve? #1651 ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
黄腾
|
d96348eb22
|
add support for LM Studio (#1663)
### What problem does this PR solve? #1602 ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Co-authored-by: Zhedong Cen <cenzhedong2@126.com> |
||
|
Kevin Hu
|
100b3165d8
|
pypdf2 to pypdf (#1684)
### What problem does this PR solve? pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character #59 ### Type of change - [x] Refactoring |
||
|
balibabu
|
7e60800c95
|
feat: add arxiv operator #918 (#1683)
### What problem does this PR solve? feat: add arxiv operator #918 ### Type of change - [x] New Feature (non-breaking change which adds functionality) |
||
|
cHz
|
4b195cc14c
|
fix: Misspelled Variable Name (#1662)
### What problem does this PR solve? ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) |
||
|
dependabot[bot]
|
7034dc8dea
|
build(deps): bump setuptools from 69.5.1 to 70.0.0 (#1666)
Bumps [setuptools](https://github.com/pypa/setuptools) from 69.5.1 to 70.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v70.0.0</h1> <h2>Features</h2> <ul> <li>Emit a warning when <code>[tools.setuptools]</code> is present in <code>pyproject.toml</code> and will be ignored. -- by :user:<code>SnoopJ</code> (<a href="https://redirect.github.com/pypa/setuptools/issues/4150">#4150</a>)</li> <li>Improved <code>AttributeError</code> error message if <code>pkg_resources.EntryPoint.require</code> is called without extras or distribution Gracefully "do nothing" when trying to activate a <code>pkg_resources.Distribution</code> with a <code>None</code> location, rather than raising a <code>TypeError</code> -- by :user:<code>Avasam</code> (<a href="https://redirect.github.com/pypa/setuptools/issues/4262">#4262</a>)</li> <li>Typed the dynamically defined variables from <code>pkg_resources</code> -- by :user:<code>Avasam</code> (<a href="https://redirect.github.com/pypa/setuptools/issues/4267">#4267</a>)</li> <li>Modernized and refactored VCS handling in package_index. (<a href="https://redirect.github.com/pypa/setuptools/issues/4332">#4332</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (<a href="https://redirect.github.com/pypa/setuptools/issues/4136">#4136</a>)</li> <li>Fix finder template for lenient editable installs of implicit nested namespaces constructed by using <code>package_dir</code> to reorganise directory structure. (<a href="https://redirect.github.com/pypa/setuptools/issues/4278">#4278</a>)</li> <li>Fix an error with <code>UnicodeDecodeError</code> handling in <code>pkg_resources</code> when trying to read files in UTF-8 with a fallback -- by :user:<code>Avasam</code> (<a href="https://redirect.github.com/pypa/setuptools/issues/4348">#4348</a>)</li> </ul> <h2>Improved Documentation</h2> <ul> <li>Uses RST substitution to put badges in 1 line. (<a href="https://redirect.github.com/pypa/setuptools/issues/4312">#4312</a>)</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li> <p>Further adoption of UTF-8 in <code>setuptools</code>. This change regards mostly files produced and consumed during the build process (e.g. metadata files, script wrappers, automatically updated config files, etc..) Although precautions were taken to minimize disruptions, some edge cases might be subject to backwards incompatibility.</p> <p>Support for <code>"locale"</code> encoding is now <strong>deprecated</strong>. (<a href="https://redirect.github.com/pypa/setuptools/issues/4309">#4309</a>)</p> </li> <li> <p>Remove <code>setuptools.convert_path</code> after long deprecation period. This function was never defined by <code>setuptools</code> itself, but rather a side-effect of an import for internal usage. (<a href="https://redirect.github.com/pypa/setuptools/issues/4322">#4322</a>)</p> </li> <li> <p>Remove fallback for customisations of <code>distutils</code>' <code>build.sub_command</code> after long deprecated period. Users are advised to import <code>build</code> directly from <code>setuptools.command.build</code>. (<a href="https://redirect.github.com/pypa/setuptools/issues/4322">#4322</a>)</p> </li> <li> <p>Removed <code>typing_extensions</code> from vendored dependencies -- by :user:<code>Avasam</code> (<a href="https://redirect.github.com/pypa/setuptools/issues/4324">#4324</a>)</p> </li> <li> <p>Remove deprecated <code>setuptools.dep_util</code>. The provided alternative is <code>setuptools.modified</code>. (<a href="https://redirect.github.com/pypa/setuptools/issues/4360">#4360</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
71f2ba1452
|
build(deps): bump werkzeug from 3.0.1 to 3.0.3 (#1669)
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.0.1 to 3.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/releases">werkzeug's releases</a>.</em></p> <blockquote> <h2>3.0.3</h2> <p>This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.</p> <p>PyPI: <a href="https://pypi.org/project/Werkzeug/3.0.3/">https://pypi.org/project/Werkzeug/3.0.3/</a> Changes: <a href="https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3">https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3</a> Milestone: <a href="https://github.com/pallets/werkzeug/milestone/35?closed=1">https://github.com/pallets/werkzeug/milestone/35?closed=1</a></p> <ul> <li>Only allow <code>localhost</code>, <code>.localhost</code>, <code>127.0.0.1</code>, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985</li> <li>Make reloader more robust when <code>""</code> is in <code>sys.path</code>. <a href="https://redirect.github.com/pallets/werkzeug/issues/2823">#2823</a></li> <li>Better TLS cert format with <code>adhoc</code> dev certs. <a href="https://redirect.github.com/pallets/werkzeug/issues/2891">#2891</a></li> <li>Inform Python < 3.12 how to handle <code>itms-services</code> URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. <a href="https://redirect.github.com/pallets/werkzeug/issues/2828">#2828</a></li> <li>Type annotation for <code>Rule.endpoint</code> and other uses of <code>endpoint</code> is <code>Any</code>. <a href="https://redirect.github.com/pallets/werkzeug/issues/2836">#2836</a></li> </ul> <h2>3.0.2</h2> <p>This is a fix release for the 3.0.x feature branch.</p> <ul> <li>Changes: <a href="https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-2">https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-2</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's changelog</a>.</em></p> <blockquote> <h2>Version 3.0.3</h2> <p>Released 2024-05-05</p> <ul> <li> <p>Only allow <code>localhost</code>, <code>.localhost</code>, <code>127.0.0.1</code>, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:<code>2g68-c3qc-8985</code></p> </li> <li> <p>Make reloader more robust when <code>""</code> is in <code>sys.path</code>. :pr:<code>2823</code></p> </li> <li> <p>Better TLS cert format with <code>adhoc</code> dev certs. :pr:<code>2891</code></p> </li> <li> <p>Inform Python < 3.12 how to handle <code>itms-services</code> URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:<code>2828</code></p> </li> <li> <p>Type annotation for <code>Rule.endpoint</code> and other uses of <code>endpoint</code> is <code>Any</code>. :issue:<code>2836</code></p> </li> <li> <p>Make reloader more robust when <code>""</code> is in <code>sys.path</code>. :pr:<code>2823</code></p> </li> </ul> <h2>Version 3.0.2</h2> <p>Released 2024-04-01</p> <ul> <li>Ensure setting <code>merge_slashes</code> to <code>False</code> results in <code>NotFound</code> for repeated-slash requests against single slash routes. :issue:<code>2834</code></li> <li>Fix handling of <code>TypeError</code> in <code>TypeConversionDict.get()</code> to match <code>ValueError</code>. :issue:<code>2843</code></li> <li>Fix <code>response_wrapper</code> type check in test client. :issue:<code>2831</code></li> <li>Make the return type of <code>MultiPartParser.parse</code> more precise. :issue:<code>2840</code></li> <li>Raise an error if converter arguments cannot be parsed. :issue:<code>2822</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1ec84a589e
|
build(deps): bump aiohttp from 3.9.3 to 3.9.4 (#1670)
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.3 to 3.9.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.9.4</h2> <h2>Bug fixes</h2> <ul> <li> <p>The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:<code>webknjaz</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/8089">#8089</a>.</p> </li> <li> <p>Treated values of <code>Accept-Encoding</code> header as case-insensitive when checking for gzip files -- by :user:<code>steverep</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/8104">#8104</a>.</p> </li> <li> <p>Improved the DNS resolution performance on cache hit -- by :user:<code>bdraco</code>.</p> <p>This is achieved by avoiding an :mod:<code>asyncio</code> task creation in this case.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/8163">#8163</a>.</p> </li> <li> <p>Changed the type annotations to allow <code>dict</code> on :meth:<code>aiohttp.MultipartWriter.append</code>, :meth:<code>aiohttp.MultipartWriter.append_json</code> and :meth:<code>aiohttp.MultipartWriter.append_form</code> -- by :user:<code>cakemanny</code></p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7741">#7741</a>.</p> </li> <li> <p>Ensure websocket transport is closed when client does not close it -- by :user:<code>bdraco</code>.</p> <p>The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.9.4 (2024-04-11)</h1> <h2>Bug fixes</h2> <ul> <li> <p>The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:<code>webknjaz</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>8089</code>.</p> </li> <li> <p>Treated values of <code>Accept-Encoding</code> header as case-insensitive when checking for gzip files -- by :user:<code>steverep</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>8104</code>.</p> </li> <li> <p>Improved the DNS resolution performance on cache hit -- by :user:<code>bdraco</code>.</p> <p>This is achieved by avoiding an :mod:<code>asyncio</code> task creation in this case.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>8163</code>.</p> </li> <li> <p>Changed the type annotations to allow <code>dict</code> on :meth:<code>aiohttp.MultipartWriter.append</code>, :meth:<code>aiohttp.MultipartWriter.append_json</code> and :meth:<code>aiohttp.MultipartWriter.append_form</code> -- by :user:<code>cakemanny</code></p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>7741</code>.</p> </li> <li> <p>Ensure websocket transport is closed when client does not close it -- by :user:<code>bdraco</code>.</p> <p>The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eb40377700
|
build(deps): bump scikit-learn from 1.4.1.post1 to 1.5.0 (#1671)
Bumps [scikit-learn](https://github.com/scikit-learn/scikit-learn) from 1.4.1.post1 to 1.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/scikit-learn/scikit-learn/releases">scikit-learn's releases</a>.</em></p> <blockquote> <h2>Scikit-learn 1.5.0</h2> <p>We're happy to announce the 1.5.0 release.</p> <p>You can read the release highlights under <a href="https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html">https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html</a> and the long version of the change log under <a href="https://scikit-learn.org/stable/whats_new/v1.5.html">https://scikit-learn.org/stable/whats_new/v1.5.html</a></p> <p>This version supports Python versions 3.9 to 3.12.</p> <p>You can upgrade with pip as usual:</p> <pre><code>pip install -U scikit-learn </code></pre> <p>The conda-forge builds can be installed using:</p> <pre><code>conda install -c conda-forge scikit-learn </code></pre> <h2>Scikit-learn 1.4.2</h2> <p>We're happy to announce the 1.4.2 release.</p> <p>This release only includes support for numpy 2.</p> <p>This version supports Python versions 3.9 to 3.12.</p> <p>You can upgrade with pip as usual:</p> <pre><code>pip install -U scikit-learn </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bbf9d6d786
|
build(deps): bump urllib3 from 2.2.1 to 2.2.2 (#1672)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.2.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Added the <code>Proxy-Authorization</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>.</li> <li>Allowed passing negative integers as <code>amt</code> to read methods of <code>http.client.HTTPResponse</code> as an alternative to <code>None</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3122">#3122</a>)</li> <li>Fixed return types representing copying actions to use <code>typing.Self</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3363">#3363</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2">https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.2.2 (2024-06-17)</h1> <ul> <li>Added the <code>Proxy-Authorization</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>.</li> <li>Allowed passing negative integers as <code>amt</code> to read methods of <code>http.client.HTTPResponse</code> as an alternative to <code>None</code>. (<code>[#3122](https://github.com/urllib3/urllib3/issues/3122) <https://github.com/urllib3/urllib3/issues/3122></code>__)</li> <li>Fixed return types representing copying actions to use <code>typing.Self</code>. (<code>[#3363](https://github.com/urllib3/urllib3/issues/3363) <https://github.com/urllib3/urllib3/issues/3363></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
8c2b91d3db
|
build(deps): bump requests from 2.31.0 to 2.32.2 (#1673)
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.2</h2> <h2>2.32.2 (2024-05-21)</h2> <p><strong>Deprecations</strong></p> <ul> <li> <p>To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed <code>_get_connection</code> to a new public API, <code>get_connection_with_tls_context</code>. Existing custom HTTPAdapters will need to migrate their code to use this new API. <code>get_connection</code> is considered deprecated in all versions of Requests>=2.32.0.</p> <p>A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (<a href="https://redirect.github.com/psf/requests/issues/6710">#6710</a>)</p> </li> </ul> <h2>v2.32.1</h2> <h2>2.32.1 (2024-05-20)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Add missing test certs to the sdist distributed on PyPI.</li> </ul> <h2>v2.32.0</h2> <h2>2.32.0 (2024-05-20)</h2> <h2>🐍 PYCON US 2024 EDITION 🐍</h2> <p><strong>Security</strong></p> <ul> <li>Fixed an issue where setting <code>verify=False</code> on the first request from a Session will cause subsequent requests to the <em>same origin</em> to also ignore cert verification, regardless of the value of <code>verify</code>. (<a href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li><code>verify=True</code> now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li>Requests now supports optional use of character detection (<code>chardet</code> or <code>charset_normalizer</code>) when repackaged or vendored. This enables <code>pip</code> and other projects to minimize their vendoring surface area. The <code>Response.text()</code> and <code>apparent_encoding</code> APIs will default to <code>utf-8</code> if neither library is present. (<a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (<a href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li> <li>Fixed deserialization bug in JSONDecodeError. (<a href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li> <li>Fixed bug where an extra leading <code>/</code> (path separator) could lead urllib3 to unnecessarily reparse the request URI. (<a href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.2 (2024-05-21)</h2> <p><strong>Deprecations</strong></p> <ul> <li> <p>To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed <code>_get_connection</code> to a new public API, <code>get_connection_with_tls_context</code>. Existing custom HTTPAdapters will need to migrate their code to use this new API. <code>get_connection</code> is considered deprecated in all versions of Requests>=2.32.0.</p> <p>A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (<a href="https://redirect.github.com/psf/requests/issues/6710">#6710</a>)</p> </li> </ul> <h2>2.32.1 (2024-05-20)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Add missing test certs to the sdist distributed on PyPI.</li> </ul> <h2>2.32.0 (2024-05-20)</h2> <p><strong>Security</strong></p> <ul> <li>Fixed an issue where setting <code>verify=False</code> on the first request from a Session will cause subsequent requests to the <em>same origin</em> to also ignore cert verification, regardless of the value of <code>verify</code>. (<a href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li><code>verify=True</code> now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li>Requests now supports optional use of character detection (<code>chardet</code> or <code>charset_normalizer</code>) when repackaged or vendored. This enables <code>pip</code> and other projects to minimize their vendoring surface area. The <code>Response.text()</code> and <code>apparent_encoding</code> APIs will default to <code>utf-8</code> if neither library is present. (<a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (<a href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li> <li>Fixed deserialization bug in JSONDecodeError. (<a href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li> <li>Fixed bug where an extra leading <code>/</code> (path separator) could lead urllib3 to unnecessarily reparse the request URI. (<a href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li> </ul> <p><strong>Deprecations</strong></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
55028b2db7
|
build(deps): bump jinja2 from 3.1.3 to 3.1.4 (#1674)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.4</h2> <p>This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.4/">https://pypi.org/project/Jinja2/3.1.4/</a> Changes: <a href="https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4">https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4</a></p> <ul> <li>The <code>xmlattr</code> filter does not allow keys with <code>/</code> solidus, <code>></code> greater-than sign, or <code>=</code> equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.4</h2> <p>Released 2024-05-05</p> <ul> <li>The <code>xmlattr</code> filter does not allow keys with <code>/</code> solidus, <code>></code> greater-than sign, or <code>=</code> equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:<code>h75v-3vvj-5mfj</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
daf86dbf74
|
build(deps): bump flask-cors from 4.0.0 to 4.0.1 (#1675)
Bumps [flask-cors](https://github.com/corydolphin/flask-cors) from 4.0.0 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/corydolphin/flask-cors/releases">flask-cors's releases</a>.</em></p> <blockquote> <h2>4.0.1</h2> <h2>What's Changed</h2> <ul> <li>Fix Read the Docs builds by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <a href="https://redirect.github.com/corydolphin/flask-cors/pull/345">corydolphin/flask-cors#345</a></li> <li>Update extension.py to clean request.path before logging it by <a href="https://github.com/aneshujevic"><code>@aneshujevic</code></a> in <a href="https://redirect.github.com/corydolphin/flask-cors/pull/351">corydolphin/flask-cors#351</a></li> <li>Update CI to include Python 3.12 and flask 3.0.3 by <a href="https://github.com/corydolphin"><code>@corydolphin</code></a> in <a href="https://redirect.github.com/corydolphin/flask-cors/pull/354">corydolphin/flask-cors#354</a></li> <li>Release 4.0.1 by <a href="https://github.com/corydolphin"><code>@corydolphin</code></a> in <a href="https://redirect.github.com/corydolphin/flask-cors/pull/353">corydolphin/flask-cors#353</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> made their first contribution in <a href="https://redirect.github.com/corydolphin/flask-cors/pull/345">corydolphin/flask-cors#345</a></li> <li><a href="https://github.com/aneshujevic"><code>@aneshujevic</code></a> made their first contribution in <a href="https://redirect.github.com/corydolphin/flask-cors/pull/351">corydolphin/flask-cors#351</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/corydolphin/flask-cors/compare/4.0.0...4.0.1">https://github.com/corydolphin/flask-cors/compare/4.0.0...4.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md">flask-cors's changelog</a>.</em></p> <blockquote> <h2>4.0.1</h2> <h3>Security</h3> <ul> <li>Address <a href="https://github.com/advisories/GHSA-84pr-m4jr-85g5">CVE-2024-1681</a> which is a log injection vulnerability when the log level is set to debug by <a href="https://github.com/aneshujevic"><code>@aneshujevic</code></a> in <a href="https://redirect.github.com/corydolphin/flask-cors/pull/351">corydolphin/flask-cors#351</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b2ef6a05a1
|
build(deps): bump idna from 3.6 to 3.7 (#1676)
Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>.</em></p> <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> <p>Thanks to Guido Vranken for reporting the issue.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>.</em></p> <blockquote> <p>3.7 (2024-04-11) ++++++++++++++++</p> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> <p>Thanks to Guido Vranken for reporting the issue.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |